standalone as7
create SecurityDomain with default-cache set.
attempt to create 'authentication|authorization|mapping|audit' children with valid details via json.
See description for more details.

Description

-'Add' operation for Security Domain children(Authentication,Authorization,Audit,Mapping) 'fails with JBAS014746: login-modules may not be null'. The fail message is for Authentication specifically ..but the other nodes fail with matching provider-modules not be null,etc.

Assumes there is a securityDomain of name 'testDomain3' with cache-type='default'.

-Once the Security Domain child does exist 'read-attribute' and 'write-attribute' operations work as expected via json. This indicates to me that the json values for 'login-modules' is sound but just not acceptable because of a bug.

This is what the json contents look like before being sent off to the server. Switching 'add' to 'write-attribute' works correctly once the node already exists.:
{
"operation" : "add",
"address" : [
{
"subsystem" : "security"
}

Activity

Two things:
i)The json text doesn't look right in the description, but if you hit edit it's available again.
ii)I did take the valid CLI command, and created CommandContextFactory with it and used .toJsonString to make sure the json being sent matched what was expected. Unless the json for 'add' is quite different from the json for 'write-attribute', then this looks like a bug to me.

Simeon Pinder
added a comment - 05/Jun/12 12:44 PM Two things:
i)The json text doesn't look right in the description, but if you hit edit it's available again.
ii)I did take the valid CLI command, and created CommandContextFactory with it and used .toJsonString to make sure the json being sent matched what was expected. Unless the json for 'add' is quite different from the json for 'write-attribute', then this looks like a bug to me.

I just pinged you in #jboss-as7 with this response:
darranl: I did add the 'login-module' module component even in batch mode. I don't think batching has anything to do with this issue. The only difference between 'add' and 'write-attribute' is the operation name. 'add' fails when there is no component, but 'write-attribute' succeeds without problem and successfully updates when there is an existing 'authentication=classic' component.
darranl: In both case the 'login-module' attribute is defined in the exact same way and by the same json excerpt. The fact 'login-module' is valid for 'write-attribute' and not for 'add' is why I think this is a bug.

If you hit 'Edit' mode for this JIRA you will see the json excerpt being sent as the raw json is being parsed as a macro above otherwise.

Does this help to clarify? I also think this is past a forum post because all the details are already laid out here in a public jira. No?

Simeon Pinder
added a comment - 06/Jun/12 10:59 AM I just pinged you in #jboss-as7 with this response:
darranl: I did add the 'login-module' module component even in batch mode. I don't think batching has anything to do with this issue. The only difference between 'add' and 'write-attribute' is the operation name. 'add' fails when there is no component, but 'write-attribute' succeeds without problem and successfully updates when there is an existing 'authentication=classic' component.
darranl: In both case the 'login-module' attribute is defined in the exact same way and by the same json excerpt. The fact 'login-module' is valid for 'write-attribute' and not for 'add' is why I think this is a bug.
If you hit 'Edit' mode for this JIRA you will see the json excerpt being sent as the raw json is being parsed as a macro above otherwise.
Does this help to clarify? I also think this is past a forum post because all the details are already laid out here in a public jira. No?

Darran Lofthouse
added a comment - 07/Jun/12 11:28 AM The attached client both adds and removes a security domain over HTTP - on adding the authentication element at least one login module definition needs to be included.
I am however having a problem adding the module-options that I am still looking into.

Stefan - Do you mind if I take ownership of this issue? The original complaint appears resolved with a compound operation of two add steps within the compound operation to add the domain definition but there is still a problem regarding the required type to define the module options - I really need to discuss this further with Brian as there is a backwards compatibility issue to this as well as an issue relating to validating happening at different points.

Darran Lofthouse
added a comment - 08/Jun/12 5:09 AM Stefan - Do you mind if I take ownership of this issue? The original complaint appears resolved with a compound operation of two add steps within the compound operation to add the domain definition but there is still a problem regarding the required type to define the module options - I really need to discuss this further with Brian as there is a backwards compatibility issue to this as well as an issue relating to validating happening at different points.

Darran Lofthouse
added a comment - 08/Jun/12 5:33 AM Ignore the last comments and see the latest HttpClient attached - a slightly different form was needed to specify the module-options.
This client demonstrates that it is possible to fully define a security domain using json over the HTTP management interface. For that reason I believe this issue can now be resolved.